[Rspamd-Users] Greylisting oddity.
Reio Remma
reio at mrstuudio.ee
Fri Dec 6 10:30:14 UTC 2019
Hello!
I have this specific mail that is being greylisted and the sender tries
to resend it every 60 minutes. For some reason it is persistently
greylisted.
My unmodified greylist config has expire = 86400, timeout = 300 and
greylisting works for all other mails.
The logs seem identical for all the attempts and they come in from the
same IP.
Curiously, they also log: Score too low - skip greylisting, but then get
greylisted.
Greylist limit is at 4, the mail scores 4.23. Of the more unusual
matches I see NEURAL_SPAM_SHORT, which pushes it over the limit.
Any ideas?
Thanks,
Reio
2019-12-06 08:07:44 #493(normal) <ac24e9>; task; rspamd_message_parse:
loaded message; id:
<0.0.10F.3A4.1D5AB6CDC25D1C4.0 at b12.mta01.sendsmaily.info>; queue-id:
<52a05bf9>; size: 35441; checksum: <e089b694fb52004b504df2d0bddc8402>
2019-12-06 08:07:44 #493(normal) <ac24e9>; lua; greylist.lua:298: Score
too low - skip greylisting
2019-12-06 08:07:44 #493(normal) <ac24e9>; task; rspamd_task_write_log:
id: <0.0.10F.3A4.1D5AB6CDC25D1C4.0 at b12.mta01.sendsmaily.info>, qid:
<52a05bf9>, ip: 149.154.156.12, from: <bounce at sendsmaily.info>,
(default: T (greylist): [4.23/15.00]
[HTML_SHORT_LINK_IMG_1(2.00){},BAYES_HAM(-1.26){89.80%;},CTYPE_MIXED_BOGUS(1.00){},MANY_INVISIBLE_PARTS(1.00){10;},WHITELIST_SPF(-1.00){sendsmaily.info:s:+;},ZERO_FONT(1.00){18;},R_MIXED_CHARSET(0.83){subject;},NEURAL_SPAM_SHORT(0.68){0.341;},FORGED_SENDER(0.30){reisiuudised at airtours.ee;bounce at sendsmaily.info;},RBL_SENDERSCORE_EXCELLENT(-0.20){149.154.156.12:from;},R_SPF_ALLOW(-0.20){+ip4:149.154.156.8/29;},DMARC_POLICY_SOFTFAIL(0.10){airtours.ee
: SPF not aligned (relaxed), No valid
DKIM;none;},MIME_BASE64_TEXT(0.10){},MIME_GOOD(-0.10){multipart/mixed;multipart/related;multipart/alternative;text/plain;},HAS_LIST_UNSUB(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){i=1;},ASN(0.00){asn:57169,
ipnet:149.154.156.0/24,
country:AT;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){reisiuudised at airtours.ee;bounce at sendsmaily.info;},HAS_REPLYTO(0.00){reisiuudised at airtours.ee;},MIME_TRACE(0.00){0:+;1:+;2:+;3:+;4:~;},PREVIOUSLY_DELIVERED(0.00){user at host.com;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_IN_DNSWL_NONE(0.00){149.154.156.12:from;},RCVD_TLS_LAST(0.00){},REPLYTO_ADDR_EQ_FROM(0.00){},R_DKIM_NA(0.00){},SUBJECT_ENDS_EXCLAIM(0.00){},TAGGED_FROM(0.00){uqb-17-0-10883;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]),
len: 35441, time: 289.370ms, dns req: 50, digest:
<e089b694fb52004b504df2d0bddc8402>, rcpts: <user at host.com>, mime_rcpts:
<user at host.com>
2019-12-06 09:07:47 #493(normal) <e15734>; task; rspamd_message_parse:
loaded message; id:
<0.0.10F.3A4.1D5AB6CDC25D1C4.0 at b12.mta01.sendsmaily.info>; queue-id:
<0ce9931c>; size: 35441; checksum: <e089b694fb52004b504df2d0bddc8402>
2019-12-06 09:07:47 #493(normal) <e15734>; lua; greylist.lua:298: Score
too low - skip greylisting
2019-12-06 09:07:47 #493(normal) <e15734>; task; rspamd_task_write_log:
id: <0.0.10F.3A4.1D5AB6CDC25D1C4.0 at b12.mta01.sendsmaily.info>, qid:
<0ce9931c>, ip: 149.154.156.12, from: <bounce at sendsmaily.info>,
(default: T (greylist): [4.23/15.00]
[HTML_SHORT_LINK_IMG_1(2.00){},BAYES_HAM(-1.26){89.80%;},CTYPE_MIXED_BOGUS(1.00){},MANY_INVISIBLE_PARTS(1.00){10;},WHITELIST_SPF(-1.00){sendsmaily.info:s:+;},ZERO_FONT(1.00){18;},R_MIXED_CHARSET(0.83){subject;},NEURAL_SPAM_SHORT(0.68){0.341;},FORGED_SENDER(0.30){reisiuudised at airtours.ee;bounce at sendsmaily.info;},RBL_SENDERSCORE_EXCELLENT(-0.20){149.154.156.12:from;},R_SPF_ALLOW(-0.20){+ip4:149.154.156.8/29;},DMARC_POLICY_SOFTFAIL(0.10){airtours.ee
: SPF not aligned (relaxed), No valid
DKIM;none;},MIME_BASE64_TEXT(0.10){},MIME_GOOD(-0.10){multipart/mixed;multipart/related;multipart/alternative;text/plain;},HAS_LIST_UNSUB(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){i=1;},ASN(0.00){asn:57169,
ipnet:149.154.156.0/24,
country:AT;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){reisiuudised at airtours.ee;bounce at sendsmaily.info;},HAS_REPLYTO(0.00){reisiuudised at airtours.ee;},MIME_TRACE(0.00){0:+;1:+;2:+;3:+;4:~;},PREVIOUSLY_DELIVERED(0.00){user at host.com;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_IN_DNSWL_NONE(0.00){149.154.156.12:from;},RCVD_TLS_LAST(0.00){},REPLYTO_ADDR_EQ_FROM(0.00){},R_DKIM_NA(0.00){},SUBJECT_ENDS_EXCLAIM(0.00){},TAGGED_FROM(0.00){uqb-17-0-10883;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]),
len: 35441, time: 529.450ms, dns req: 52, digest:
<e089b694fb52004b504df2d0bddc8402>, rcpts: <user at host.com>, mime_rcpts:
<user at host.com>
More information about the Users
mailing list